<div dir="ltr">If I did that I am allowing narahari and robert who are members of teamsysuser group to be able to run commands as themselves and I am not allowed to do that.<div><br></div><div>All installs and system work has to be done as user teamsysuser only but teamsysuser is not a loginable account.</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 25, 2015 at 11:27 AM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Create a Linux group teamsysuser and add users to that group. In sudoers file</div><div><br></div><div>@teamsysusers ALL(ALL) NOPASSWD:ALL</div><div><br></div><div>Or shortcut all of this and add them to the WHEEL group (on RHEL-like systems) and uncomment the WHEEL line in sudoers file.</div><div><div class="h5"><div><br></div><div>On Tue, 2015-08-25 at 11:18 -0400, Narahari 'n' Savitha wrote:</div></div></div><blockquote type="cite"><div><div class="h5"><div dir="ltr">Here is the scenario I am trying to solve.<div><br></div><div>teamsysuer => system account without a shell but has the following entry in sudoers file</div><div><br></div><div>teamssysuser ALL(ALL) NOPASSWD:ALL</div><div><br></div><div>========================</div><div><br></div><div>narahari => regular user </div><div>robert => regular user</div><div><br></div><div>========================</div><div><br></div><div>We want to be able to allow </div><div>narahari and robert run commands as themselves and teamsysuser only.</div><div><br></div><div>I have done some playing around sudoers file</div><div><br></div><div><div>User_Alias ALL_MY_USERS = narahari robert</div><div>Runas_Alias TEAM_SYS_USER = teamssysuser</div><div><br></div><div>......</div><div>.......</div><div>....</div><div>......</div><div>......</div><div><br></div><div>teamssysuser ALL=(ALL) NOPASSWD: ALL</div><div><br></div><div>ALL_MY_USERS ALL = (TEAM_SYS_USER) NOPASSWD:ALL</div></div><div><br></div><div>=================================</div><div><br></div><div>I am not sure if this is the right approach or conceptually am I wrong ?</div><div><br></div><div>-N</div></div>
</div></div><pre>_______________________________________________
Ale mailing list
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a>
See JOBS, ANNOUNCE and SCHOOLS lists at
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><span class="HOEnZb"><font color="#888888">
</font></span></pre></blockquote><span class="HOEnZb"><font color="#888888"><div><span><pre>--
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
<a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a>
</pre></span></div></font></span></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br></div>